Date: Wed, 07 Apr 2021 16:38:46 -0400
From: "Valdis Klētnieks" <valdis.kletnieks@...edu>
To: John Wood <john.wood@....com>
Cc: kernelnewbies@...nelnewbies.org, Andi Kleen <ak@...ux.intel.com>, Kees Cook <keescook@...omium.org>, kernel-hardening@...ts.openwall.com
Subject: Re: Notify special task kill using wait* functions

On Wed, 07 Apr 2021 19:51:51 +0200, John Wood said:

> When brute detects a brute force attack through the fork system call
> (killing p3) it will mark the binary file executed by p3 as "not allowed".
> From now on, any execve that tries to run this binary will fail. This way it
> is not necessary to notify nothing to userspace and also we avoid an exec
> brute force attack due to the respawn of processes by a supervisor
> (abused or not by a bad guy).

You're not thinking evil enough. :)

I didn't even finish the line that starts "From now on.." before I started
wondering "How can I abuse this to hang or crash a system?" And it only took me
a few seconds to come up with an attack. All you need to do is find a way to
sigsegv /bin/bash... and that's easy to do by forking, execve /bin/bash, and
then use ptrace() to screw the child process's stack and cause a sigsegv.

Say goodnight Gracie...